Report - ww6.ww.25.jenny.somini.ga/

Report Overview

Visited public
2023-11-07 21:31:21
Tags
URL
ww6.ww.25.jenny.somini.ga/
Finishing URL
ww6.ww.25.jenny.somini.ga/
IP / ASN
35.186.238.101
#15169 GOOGLE
Title
ww6.ww.25.jenny.somini.ga/

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ww6.ww.25.jenny.somini.ga	unknown	unknown	No data	No data	1.2 kB	3.3 kB	35.186.238.101
img1.wsimg.com	9893	2008-03-17	2012-06-20 16:42:31	2023-11-07 09:33:54	898 B	204 kB	23.36.79.16

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-11-07 21:31:00	low	Client IP	Internal IP	ET INFO DNS Query for Suspicious .ga Domain
2023-11-07 21:31:00	medium	Client IP	35.186.238.101	ET INFO HTTP Request to a *.ga domain
2023-11-07 21:31:00	medium	Client IP	35.186.238.101	ET INFO HTTP Request to a *.ga domain
2023-11-07 21:31:00	medium	Client IP	35.186.238.101	ET INFO HTTP Request to a *.ga domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	www.google.com/adsense/domains/caf.js?abp=1	ScriptElement	150 kB	2023-11-02	2023-11-09
Pretty URL www.google.com/adsense/domains/caf.js?abp=1 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-02 21:38 Last Seen2023-11-09 12:24 Times Seen199 Hash 82c98d259cac74fa99fbb0d1b6fbbda6 c5ece156539600db3d27c86a978cd02750c062cc 5df6a4379a761980addd89037e7f9a43b758551e797eedacaf876f34cbd02182 Loading...

	ww6.ww.25.jenny.somini.ga/	ScriptElement	0 B	0001-01-01	2025-05-11
Pretty URL ww6.ww.25.jenny.somini.ga/ IP 35.186.238.101 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-11 06:56 Times Seen4651468 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	ww6.ww.25.jenny.somini.ga/px.js?ch=1&abp=1	ScriptElement	476 B	2023-03-13	2024-08-21
Pretty URL ww6.ww.25.jenny.somini.ga/px.js?ch=1&abp=1 IP 35.186.238.101 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 06:28 Last Seen2024-08-21 09:44 Times Seen9007 Hash d2183968f9080b37babfeba3ccf10df2 24b9cf589ee6789e567fac3ae5acfc25826d00c6 4d9b83714539f82372e1e0177924bcb5180b75148e22d6725468fd2fb6f96bcc Loading...

	img1.wsimg.com/parking-lander/static/js/main.32a72d74.js	ScriptElement	730 kB	2023-10-12	2023-11-16
Pretty URL img1.wsimg.com/parking-lander/static/js/main.32a72d74.js IP 23.36.79.16 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-12 09:08 Last Seen2023-11-16 04:25 Times Seen1725 Hash 256e5c3738a4cf63368a60d2b8cf917e b74c6be3e01843e70ce0319aa12cbb50b6d59cf2 8f14327418c9a725459dcf7ce1457edec97aac535f31e83f28c2bbb9f61d94b6 Loading...

HTTP Transactions (5)

URL IP Response Size

ww6.ww.25.jenny.somini.ga/

35.186.238.101

1.2 kB

URL
ww6.ww.25.jenny.somini.ga/
IP
35.186.238.101:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1177), with no line terminators
Size
1.2 kB (1177 bytes)
Hash
c808db70824aa954826709d3f25d3707
cafe914df76a1e8e472d23865763c69d28c3e5da
99b300938fbaf5e642bb38dafd43152266c48a7fa3724989ba0b2109ac33c0d0

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.ga domain

HTTP Headers

GET / HTTP/1.1
Host: ww6.ww.25.jenny.somini.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Tue, 07 Nov 2023 21:31:00 GMT
Content-Type: text/html
Content-Length: 1177
Last-Modified: Thu, 26 Oct 2023 05:17:23 GMT
ETag: "6539f663-499"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_A2wEXoNMoKvHE+KVQGblPymlrH2dsjrhsdK2w3SkR18YwbkJ3+J9cxc9DJlk2pVyhINLwUDuAIT+pHHiWuL9OQ
Cache-Control: no-cache
X-Content-Type-Options: nosniff
Set-Cookie: caf_ipaddr=91.90.42.154;Path=/;Max-Age=86400;
country=NO;Path=/;Max-Age=86400;
city="";Path=/;Max-Age=86400;
expiry_partner=;Path=/;Max-Age=86400;
Accept-Ranges: bytes
Via: 1.1 google

img1.wsimg.com/parking-lander/static/js/main.32a72d74.js

23.36.79.16

202 kB

URL
img1.wsimg.com/parking-lander/static/js/main.32a72d74.js
IP
23.36.79.16:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65465)
Size
202 kB (202232 bytes)
Hash
256e5c3738a4cf63368a60d2b8cf917e
b74c6be3e01843e70ce0319aa12cbb50b6d59cf2
8f14327418c9a725459dcf7ce1457edec97aac535f31e83f28c2bbb9f61d94b6

HTTP Headers

GET /parking-lander/static/js/main.32a72d74.js HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww6.ww.25.jenny.somini.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: pDt/l/qOXgaQnidcLFlD3DQ+xyfi6oo2CYL/aMmfwn7oDMGoQDfpSMdgYqYNltUwiUJq51Keo1o=
x-amz-request-id: 8WWJRX5RXFPXCBFD
last-modified: Wed, 11 Oct 2023 21:15:22 GMT
etag: "256e5c3738a4cf63368a60d2b8cf917e"
x-amz-server-side-encryption: AES256
x-amz-version-id: 89i32sZIro9NM.9yE26llqD2LxWoJ9JV
accept-ranges: bytes
content-type: application/javascript
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=31536000
expires: Wed, 06 Nov 2024 21:31:00 GMT
date: Tue, 07 Nov 2023 21:31:00 GMT
content-length: 202232
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2

img1.wsimg.com/parking-lander/static/css/main.b706c083.css

23.36.79.16

193 B

URL
img1.wsimg.com/parking-lander/static/css/main.b706c083.css
IP
23.36.79.16:0
ASN
#20940 Akamai International B.V.

File type
ASCII text
Size
193 B (193 bytes)
Hash
b370238e18d0f075f1527034e55ae938
577668d4f10df8e1dc5531facefafcd2a184b36b
d9ee660f3259931784ab34ff824b344a343a1ecea23eb2c6c24c587682cad1e7

HTTP Headers

GET /parking-lander/static/css/main.b706c083.css HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww6.ww.25.jenny.somini.ga/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: KKES2/i12FSPm4WKeWjt7zryuVpPRjCWnRRQJup2zeHoibX9K+caWt07nX2ZS5Y7uAEuktyIaJo=
x-amz-request-id: 8WWNKSZPHFCAVRAK
last-modified: Wed, 11 Oct 2023 21:15:28 GMT
etag: "b370238e18d0f075f1527034e55ae938"
x-amz-server-side-encryption: AES256
x-amz-version-id: bOdoCQX056dtcHo25CQRQCautfa1Po3E
accept-ranges: bytes
content-type: text/css
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=31536000
expires: Wed, 06 Nov 2024 21:31:00 GMT
date: Tue, 07 Nov 2023 21:31:00 GMT
content-length: 193
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2

ww6.ww.25.jenny.somini.ga/px.js?ch=1&abp=1

35.186.238.101

476 B

URL
ww6.ww.25.jenny.somini.ga/px.js?ch=1&abp=1
IP
35.186.238.101:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
476 B (476 bytes)
Hash
d2183968f9080b37babfeba3ccf10df2
24b9cf589ee6789e567fac3ae5acfc25826d00c6
4d9b83714539f82372e1e0177924bcb5180b75148e22d6725468fd2fb6f96bcc

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.ga domain

HTTP Headers

GET /px.js?ch=1&abp=1 HTTP/1.1
Host: ww6.ww.25.jenny.somini.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww6.ww.25.jenny.somini.ga/
Cookie: caf_ipaddr=91.90.42.154; country=NO; city=""; expiry_partner=
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Tue, 07 Nov 2023 21:31:00 GMT
Content-Type: application/javascript
Content-Length: 476
Last-Modified: Thu, 26 Oct 2023 05:17:22 GMT
ETag: "6539f662-1dc"
Accept-Ranges: bytes
Via: 1.1 google

ww6.ww.25.jenny.somini.ga/px.js?ch=2&abp=1

35.186.238.101

476 B

URL
ww6.ww.25.jenny.somini.ga/px.js?ch=2&abp=1
IP
35.186.238.101:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
476 B (476 bytes)
Hash
d2183968f9080b37babfeba3ccf10df2
24b9cf589ee6789e567fac3ae5acfc25826d00c6
4d9b83714539f82372e1e0177924bcb5180b75148e22d6725468fd2fb6f96bcc

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.ga domain

HTTP Headers

GET /px.js?ch=2&abp=1 HTTP/1.1
Host: ww6.ww.25.jenny.somini.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww6.ww.25.jenny.somini.ga/
Cookie: caf_ipaddr=91.90.42.154; country=NO; city=""; expiry_partner=
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Tue, 07 Nov 2023 21:31:00 GMT
Content-Type: application/javascript
Content-Length: 476
Last-Modified: Thu, 26 Oct 2023 05:17:22 GMT
ETag: "6539f662-1dc"
Accept-Ranges: bytes
Via: 1.1 google

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (5)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers